MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057
SHA3-384 hash: d2a8c3ca798f5c70c0088ce3a627a1c086459a19aae1add6d7e8012acd69b376ec8d8882922e722041358c99459958f0
SHA1 hash: 16a036f7b082c3343d6277ac54efd775404b4402
MD5 hash: dfb73550b16f3035977b82a6ab3a5bd3
humanhash: kilo-hydrogen-london-rugby
File name:kVDT.zip
Download: download sample
File size:657'962 bytes
First seen:2023-11-20 08:59:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:XD5jKnoYMXeov9VKvZzHhLKJ2dzR0cYPXdFse+pnK/H+U4:1Dv9kjKJ2rtRppKeT
TLSH T170E4233155A6CC5463FFF61E60BF0956E3D73EE7851B09280135709AB5FA2322AB8137
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Qppge.exe
File size:0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type:inode/x-empty
Vendor Threat Intelligence
Gathering data
Verdict:
Suspicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o34urqeewmdeptdp4wvddlm2rlzdp6ft2pki26ar7pswyanieblq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/231120-k8fvtseh58/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 0c2d3bb028c729f96e4338566577cfd390b0ea6cb28684d807d379a6a6839fe6

pdf aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548

zip 76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057

(this sample)

AgentTesla

Executable exe 20b4ef8e8decc7e48f1ce33615ea9280c20f6ff81efafa86cf5f9bd7de4ebcdd

  
Delivery method
Other
  
Dropped by
SHA256 aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548
  
Dropping
SHA256 20b4ef8e8decc7e48f1ce33615ea9280c20f6ff81efafa86cf5f9bd7de4ebcdd
  
URLhaus
https://urlhaus.abuse.ch/url/2732145/
  
Dropping
MD5 b33deba4aed98e836c610e93cebbb4bd
  
Dropped by
MD5 aeb68f698f88108260ca933385e865e9

Comments


Avatar
Corsin Camichel commented on 2023-11-20 09:03:54 UTC

password listed in PDF document

6481